Hacker News new | ask | show | jobs
by ls15 1293 days ago
GDPR - great

Digital Services Act - great

Chat control and all the other pushes for increased surveillance - terrible, don't these guys know history?

There is no need to applaud/reject them all.

> I assume GDPR is very popular here despite making software development a huge pain

If it creates a huge pain, then the data probably wasn't handled in a respectful way in the first place.
1 comments
pclmulqdq 1293 days ago
What's respectful about presenting you with a wall of text T&C document, giving you a checkbox to indicate you read it, and mining the crap out of your data on a server located in Europe? GDPR allows that - in fact, it assumes that you will want to mine the crap out of user data and specifies where.

GDPR has a few good ideas about encrypting data buried in its ~170 articles, but most companies were doing that already because data breaches are expensive.

The rest of GDPR is about (essentially) trade protectionism: they want you using European servers to store and process data. They want that data in easy reach of other EU laws and enforcement agencies.

link
ls15 1293 days ago
Other websites like Github decided to comply in a way that does not require cookie banners. I think that the users appreciate it.
link
pclmulqdq 1293 days ago
There are a lot of other clauses than just the cookie banners. In fact, the cookie banners are far from the most annoying part if you want to be compliant.

I would go so far as to say that most startups which don't do 100% of their compute within European borders are likely non-compliant with GDPR by the law as written.

Edit: To be clear, I would have no problem with the level of trade protectionism if it only applied to companies that do $X million of business in the EU. That's how every other data residency law is set up. If you want to force series E+ companies through weird hurdles, have fun.

link
xxs 1292 days ago
>I would go so far as to say that most startups which don't do 100% of their compute within European borders are likely non-compliant with GDPR by the law as written.

What personal data do the startups require that's hard to rein?

link